Generally speaking, many electronic devices, and specifically information processing devices, provide access to data that is meant for limited audiences. Various means may be employed to ensure that the private, secure data is accessible only to specified persons or authorized persons.
One known means for controlled access is password protection. With password protection, an authorized person either supplies a unique password or is assigned a unique password (e.g., by a system administrator). The password is typically a specific sequence of characters, that is, letters, numbers, punctuation, and other keyboard symbols. In order to access the secure data, an authorized user must first enter the appropriate password. In some cases, password access is required specifically before accessing the secure data. In other systems, password access may be required to initialize an entire, custom software package that is used to access the secure data. In still other cases, password access may be required to access a network or network server, which stores the secure data.
In general, for password access control to be effective, the password should be known only to those persons who are allowed access to the secure data. If the password becomes known to persons other than the authorized user(s) of the data, then those other persons, who are unauthorized, may be able to obtain access to the data as well.
Passwords are often entered via a keyboard, which typically allows some degree of privacy. Consider an authorized user entering a password via a keyboard and display screen (or a touch screen display). Even if unauthorized persons are present in the room, and are in general proximity to the keyboard, a display screen will typically show masking characters (such as asterisks (“*****”)) in place of the password characters. This prevents the nearby-unauthorized person from reading the password on the display screen. Also, the authorized user who is typing a password may employ various precautions to ensure that other, nearby persons do not see the keyboard as the password is being typed. In many cases, simply the rapid motion of human fingers while typing prevents a nearby person from being able to ascertain the password sequence.
However, it is increasingly common for electronic devices to be voice controlled and voice activated. An example is the VOCOLLECT™ VOICE INSPECTION™ system, which is used for data input and data output in hands-busy, eyes-busy environments (e.g., factories, warehouses, and repair shops). Such a system enables the user to control the electronic device, and to access and modify data, using voice commands. The system may also provide information via audio means, such as a simulated voice.
With such voice-actuated systems, a problem arises regarding password protection. To be truly hands free, and totally voice-driven, an authorized user may need to provide a password in the form of an audio command. For example, the authorized user may be prompted for the password, and then the authorized user recites each element of the password aloud. (The device can then process the password to determine if it is correct, and then provide suitable data access.)
If a password is provided by speech, that is, via words spoken aloud by the authorized user, then any unauthorized persons in nearby proximity may be able to hear the password. The unauthorized persons would then know the password, and so may be able to have unauthorized access to the secure data.
Therefore, a need exists for a system and method for secure password entry where the password is spoken aloud. One means might be for the authorized user, or a system administrator, to create a new, unique password at frequent time intervals. However, such a system would present significant inconveniences and impracticalities both for the authorized user and system administrator.
Therefore, more specifically, a need exists for a convenient system to automatically create one-time passwords for each password entry. Such a system must also be able to convey the password to the authorized user, preferably by audio means, in a way that still maintains the security of each one-time, unique password.
With such a system, a password which is spoken aloud once—and which may be heard by unauthorized users—is only useful that one time, and so cannot be used on a later occasion by an unauthorized user. To be effective, such a one-time, unique password system must be convenient for the authorized users.